Day: September 1, 2023

Motorized Camera Slider Rides On Carbon

September 1, 2023 by 1 Comment

While not every camera mount needs to have six degrees of freedom, one or two can be extremely helpful in the photographic world. In order to make time-lapse shots with some motion or shots that incorporate some parallax, a moving camera mount or dolly is needed, and this small one builds upon a pre-existing, although non-motorized, camera slider.

The slider is an inexpensive model from everyone’s favorite online warehouse, with rails that are at least coated in carbon, if not made out of it entirely, to ensure smooth camera motion. To add the motorization to automatically move the camera, a stepper motor with a belt drive is used which is controlled by an Arduino. A few limit switches are added, letting the dolly perform different movement patterns automatically, and a pair of potentiometers for fine and coarse speed control are included as well, letting the camera take both time-lapse and video while using this mount at various controllable speeds.

With everything tucked into a relatively small box at one end of the dolly, the build is both accessible and functional. The code for the microcontroller is also available on the project’s GitHub page for anyone looking to replicate or build upon the project. And, for those looking to add more degrees of freedom to their camera setups, take a look at this DIY pan and tilt mount.

Continue reading “Motorized Camera Slider Rides On Carbon”

This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack

September 1, 2023 by 6 Comments

Curl was recently notified of a CVE, CVE-2020-19909, rated at a hair-raising 9.8 on the CVSS scale. And PostgreSQL has CVE-2020-21469, clocking in with a 7.5 severity. You may notice something odd about those two vulnerabilities, but I promise the 2020 date is only the tip of the iceberg here.

Let’s start with PostgreSQL. That vulnerability was only present in version 12.2, which released in February of 2020, and was fixed with the 12.3 release in May of that same year. The problem is a stack buffer overflow, which doesn’t seem to enable code execution, but does cause a denial of service situation. To trigger the bug? Repeatedly send the PostgreSQL daemon the SIGHUP signal.

If you’re familiar with Linux signals, that might sound odd. See, the SIGHUP signal technically indicates the end of a user session, but most daemons use it to indicate a restart or reload request. And to send this signal, a user has to have elevated privileges — elevated enough to simply stop the daemon altogether. Put simply, it’s not a security vulnerability, just a minor bug.

And now on to curl — This one is just bizarre. The issue is a integer overflow in the --retry-delay argument, which specifies in seconds how often curl should retry a failing download. The value is multiplied by 1000 to convert to milliseconds, resulting in an overflow for very large values. The result of that overflow? A smaller value for the retry delay.

[Daniel Stenberg] makes the point that this tale is a wonderful demonstration of the brokenness of the CVE system and NVD’s handling of it. And in this case, it’s hard not to see this as negligence. We have to work really hard to construct a theoretical scenario where this bug could actually be exploited. The best I’ve been able to come up with is an online download tool, where the user can specify part of the target name and a timeout. If that tool had a check to ensure that the timeout was large enough to avoid excess traffic, this bug could bypass that check. Should we be assigning CVEs for that sort of convoluted, theoretical attack?

But here’s the thing, that attack scenario should rate something like a CVSS of 4.8 at absolute worst. NVD assigned this a 9.8. There’s no way you can squint at this bug hard enough to legitimately rank it that severe. At the time of writing, the NVD lists this as “UNDERGOING REANALYSIS”.
Continue reading “This Week In Security: Not A Vulnerability, BGP Bug Propogation, And Press Enter To Hack”

Re-Creating Pink Floyd In The Name Of Speech

September 1, 2023 by 18 Comments

For people who have lost the ability to speak, the future may include brain implants that bring that ability back. But could these brain implants also allow them to sing? Researchers believe that, all in all, it’s just another brick in the wall.

In a new study published in PLOS Biology, twenty-nine people who were already being monitored for epileptic seizures participated via a postage stamp-sized array of electrodes implanted directly on the surface of their brains. As the participants were exposed to Pink Floyd’s Another Brick In the Wall, Part 1, the researchers gathered data from several areas of the brain, each attuned to a different musical element such as harmony, rhythm, and so on. Then the researchers used machine learning to reconstruct the audio heard by the participants using their brainwaves.

First, an AI model looked at the data generated from the brains’ responses to components of the song, like the changes in rhythm, pitch, and tone. Then a second model rejiggered the piecemeal song and estimated the sounds heard by the patients. Of the seven audio samples published in the study results, we think #3 sounds the most like the song. It’s kind of creepy but ultimately very cool. What do you think?

Continue reading “Re-Creating Pink Floyd In The Name Of Speech”

Big 3D Printed Hand Uses Big Servos, Naturally

September 1, 2023 by 15 Comments

[Ivan Miranda] isn’t afraid to dream big, and hopes to soon build a 3D printed giant robot he can ride around on. As the first step towards that goal, he’s built a giant printed hand big enough to hold a basketball.

The hand has fingers with several jointed segments, inspired by those wooden hand models sold as home decor at IKEA. The fingers are controlled via a toothed belt system, with two beefy 11 kg servos responsible for flexing each individual finger joint. A third 25 kg servo flexes the finger as a whole. [Ivan] does a good job of hiding the mechanics and wiring inside the structure of the hand itself, making an attractive robot appendage.

As with many such projects, control is where things get actually difficult. It’s one thing to make a robot hand flex its fingers in and out, and another thing to make it move in a useful, coordinated fashion. Regardless, [Ivan] is able to have the hand grip various objects, in part due to the usefulness of the hand’s opposable thumb. Future plans involve adding positional feedback to improve the finesse of the control system.

Building a good robot hand is no mean feat, and it remains one of the challenges behind building capable humanoid robots. Video after the break.

Continue reading “Big 3D Printed Hand Uses Big Servos, Naturally”